
---

## **1. What is a RESTful API?**  

### **Definition:**  
A **RESTful API** (Representational State Transfer API) is a web service that follows the **REST architectural principles**. REST is an approach to designing networked applications that enable communication between clients (e.g., web browsers, mobile apps) and servers.

### **Core Principles of REST:**  
RESTful APIs must follow these six principles:

1. **Statelessness:**  
   - Each API request must contain all the necessary information for the server to process it.  
   - The server does **not** store client session data between requests.  
   - Example: If a client wants to fetch user details, it must send the authentication token every time.

2. **Client-Server Architecture:**  
   - The client (frontend) and server (backend) are separate.  
   - The client only interacts with the API and does not directly access the database.

3. **Cacheability:**  
   - Responses should indicate whether they are **cacheable** (stored for future use) or **non-cacheable** (must be fetched fresh every time).  
   - Example: Static resources like images can be cached, while user authentication responses should not.

4. **Layered System:**  
   - The API can have multiple layers, such as:  
     - **Load balancer** (distributes requests)  
     - **Authentication service**  
     - **Database service**  

5. **Uniform Interface:**  
   - REST APIs should follow a **consistent structure** using:  
     - **Standard HTTP methods**: `GET`, `POST`, `PUT`, `DELETE`  
     - **Consistent URL structure** (e.g., `/users/123`)  
     - **JSON/XML response formats**  

6. **Code on Demand (optional):**  
   - The server can send executable code (e.g., JavaScript) to the client.  
   - This is rarely used in REST APIs.

### **Example of a REST API Endpoint:**  
A simple **RESTful API** in Flask:

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/users', methods=['GET'])
def get_users():
    users = [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}]
    return jsonify(users)

if __name__ == '__main__':
    app.run(debug=True)
```

- The `GET /api/users` endpoint returns a **JSON** list of users.

---

## **2. Explain the concept of API specification.**  

### **Definition:**  
An **API Specification** is a **structured document** that defines how clients should interact with an API. It includes details such as:

- **Endpoints**: URL paths (`/users`, `/orders`, `/products`)  
- **HTTP Methods**: `GET`, `POST`, `PUT`, `DELETE`  
- **Request Parameters**: Query parameters, headers, and body formats  
- **Response Format**: JSON, XML, or HTML  
- **Authentication**: API keys, OAuth, JWT tokens  
- **Error Handling**: HTTP status codes (e.g., `200 OK`, `404 Not Found`)  

### **Popular API Specification Tools:**
- **OpenAPI (Swagger)** – Standard for documenting REST APIs.  
- **Postman** – API testing and documentation tool.  
- **RAML** – RESTful API Modeling Language.  

### **Example OpenAPI (Swagger) Specification:**  
```yaml
openapi: 3.0.0
info:
  title: User API
  version: 1.0.0
paths:
  /users:
    get:
      summary: Get a list of users
      responses:
        '200':
          description: A JSON array of users
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
                  properties:
                    id:
                      type: integer
                    name:
                      type: string
```

This document specifies that **`GET /users`** returns a list of user objects.

---

## **3. What is Flask, and why is it popular for building APIs?**  

### **What is Flask?**  
Flask is a **Python microframework** for building web applications and APIs. It is called a **microframework** because it is **lightweight and does not include built-in database handling or authentication**.  

### **Why is Flask Popular for APIs?**  
1. **Minimalistic & Lightweight:**  
   - Unlike Django, Flask does **not** enforce a specific structure.  
   - Developers can choose their tools (SQLAlchemy, JWT, etc.).

2. **Easy to Learn:**  
   - Simple to use and beginner-friendly.

3. **Flexible:**  
   - Supports various database integrations and authentication methods.

4. **Built-in Development Server:**  
   - Flask comes with a built-in web server for quick testing.

5. **Extension Support:**  
   - Flask can be extended with **Flask-SQLAlchemy**, **Flask-RESTful**, **Flask-JWT**, etc.

### **Example: A Simple Flask API**
```python
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)
```

---

## **4. What is routing in Flask?**  

### **Definition:**  
Routing refers to **mapping a URL path to a specific function in a Flask application**.  

### **How Routing Works:**  
1. A **URL pattern** (`/home`, `/about`) is defined using `@app.route()`.  
2. When a user visits the URL, the corresponding **view function** is executed.  
3. The function returns a response, such as HTML or JSON.  

### **Example of Routing:**  
```python
from flask import Flask

app = Flask(__name__)

@app.route('/')  # Root URL
def home():
    return "Welcome to Flask!"

@app.route('/about')  # "/about" URL
def about():
    return "This is the About Page"

if __name__ == '__main__':
    app.run(debug=True)
```

### **Dynamic Routing:**  
Flask can handle **dynamic routes** using variables in the URL.

```python
@app.route('/user/<string:name>')
def greet_user(name):
    return f"Hello, {name}!"
```
- Visiting **`/user/Alice`** → `"Hello, Alice!"`

---

## **5. How do you create a simple Flask application?**  

### **Step 1: Install Flask**  
```sh
pip install flask
```

### **Step 2: Create a Flask App (`app.py`)**  
```python
from flask import Flask

app = Flask(__name__)  # Create a Flask app

@app.route('/')  # Define a route
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)  # Run the application
```

### **Step 3: Run the Flask App**  
```sh
python app.py
```

### **Step 4: Access Flask App in Browser**  
- Open **http://127.0.0.1:5000/** in a browser.  
- You should see `"Hello, Flask!"`.

### **Adding More Routes**
```python
@app.route('/about')
def about():
    return "About Page"

@app.route('/contact')
def contact():
    return "Contact Page"
```

This creates an API with:
- `/` → `"Hello, Flask!"`  
- `/about` → `"About Page"`  
- `/contact` → `"Contact Page"`

---



  

---

## **6. What are HTTP methods used in RESTful APIs?**  

### **Definition:**  
HTTP methods (also called HTTP verbs) define the type of action to be performed on a resource in a REST API.

### **Common HTTP Methods:**
| **HTTP Method** | **Purpose** | **Example API Endpoint** | **Description** |
|---------------|------------|----------------|----------------|
| `GET` | Retrieve data | `GET /users` | Fetches all users |
| `POST` | Create a resource | `POST /users` | Creates a new user |
| `PUT` | Update a resource | `PUT /users/1` | Updates an existing user with ID=1 |
| `PATCH` | Partial update | `PATCH /users/1` | Updates only part of user data |
| `DELETE` | Remove a resource | `DELETE /users/1` | Deletes user with ID=1 |

### **Example in Flask:**
```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}]

@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users)

@app.route('/users', methods=['POST'])
def create_user():
    new_user = request.json
    users.append(new_user)
    return jsonify(new_user), 201

if __name__ == '__main__':
    app.run(debug=True)
```
- `GET /users` → Returns all users.  
- `POST /users` → Creates a new user.  

---

## **7. What is the purpose of the `@app.route()` decorator in Flask?**  

### **Definition:**  
The `@app.route()` decorator in Flask **maps a URL path to a function**, making it accessible through a web request.

### **Basic Example:**
```python
from flask import Flask

app = Flask(__name__)

@app.route('/')  # Root URL
def home():
    return "Welcome to my Flask App"

if __name__ == '__main__':
    app.run(debug=True)
```
- Visiting **`http://127.0.0.1:5000/`** returns `"Welcome to my Flask App"`.

### **Using HTTP Methods in `@app.route()`**
By default, `@app.route()` handles `GET` requests. To allow other methods:
```python
@app.route('/users', methods=['GET', 'POST'])
def handle_users():
    if request.method == 'GET':
        return jsonify({"message": "Fetching users"})
    elif request.method == 'POST':
        return jsonify({"message": "Creating a user"})
```
- `GET /users` → Fetch users.  
- `POST /users` → Create a new user.

---

## **8. What is the difference between GET and POST HTTP methods?**  

| Feature | `GET` | `POST` |
|---------|------|------|
| Purpose | Retrieve data | Create a resource |
| Request Body | No | Yes |
| URL Parameters | Yes (query strings) | No (data is in body) |
| Cacheable? | Yes | No |
| Idempotent? | Yes | No |

### **Example in Flask:**
```python
@app.route('/data', methods=['GET', 'POST'])
def handle_data():
    if request.method == 'GET':
        return "GET request received"
    elif request.method == 'POST':
        data = request.json
        return f"Received data: {data}", 201
```
- `GET /data` → `"GET request received"`
- `POST /data` → Requires JSON input.

---

## **9. How do you handle errors in Flask APIs?**  

### **Why Handle Errors?**
- Prevent crashes.
- Provide meaningful responses.
- Improve API reliability.

### **Using Flask's `abort()` Function**
```python
from flask import Flask, jsonify, abort

app = Flask(__name__)

@app.route('/error')
def cause_error():
    abort(404)  # Triggers a 404 Not Found error

if __name__ == '__main__':
    app.run(debug=True)
```
- **`abort(404)`** immediately stops execution and returns a **404 Not Found** response.

### **Custom Error Handlers**
To provide a **custom message** for errors:
```python
@app.errorhandler(404)
def not_found(error):
    return jsonify({"error": "Resource not found"}), 404
```
- Now, any **404 error** returns a **JSON response** instead of the default HTML error page.

### **Handling Invalid JSON Input**
```python
@app.route('/data', methods=['POST'])
def process_data():
    if not request.is_json:
        return jsonify({"error": "Invalid JSON format"}), 400
    data = request.json
    return jsonify(data)
```
- If a request does not send valid JSON, it returns **`400 Bad Request`**.

---

## **10. How do you connect Flask to a SQL database?**  

### **Using Flask-SQLAlchemy (ORM for Flask)**
SQLAlchemy is a popular **Object Relational Mapper (ORM)** for managing databases in Flask.

### **Step 1: Install SQLAlchemy**
```sh
pip install flask-sqlalchemy
```

### **Step 2: Configure Flask to Use a Database**
```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'  # SQLite Database
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)
```
- This configures a **SQLite** database.  
- You can replace `'sqlite:///users.db'` with `'mysql://user:pass@localhost/dbname'` for MySQL.

### **Step 3: Define a Database Model**
```python
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(100), nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
```
- `id` → Primary Key (Auto-incremented)  
- `name` → Required String  
- `email` → Unique, Required String  

### **Step 4: Create the Database**
```python
with app.app_context():
    db.create_all()  # Creates tables
```

### **Step 5: Insert Data into the Database**
```python
@app.route('/add_user')
def add_user():
    user = User(name="Alice", email="alice@example.com")
    db.session.add(user)
    db.session.commit()
    return "User added!"
```

### **Step 6: Retrieve Data from Database**
```python
@app.route('/users')
def get_users():
    users = User.query.all()
    return jsonify([{"id": u.id, "name": u.name, "email": u.email} for u in users])
```

---



---




---

## **11. What is the role of Flask-SQLAlchemy?**  

### **Definition:**  
Flask-SQLAlchemy is an extension for Flask that provides **Object Relational Mapping (ORM)** capabilities using SQLAlchemy. It allows developers to interact with a database using Python **objects and classes** instead of writing raw SQL queries.

### **Key Features of Flask-SQLAlchemy:**  
✅ Easy **database connection** and management.  
✅ Supports **multiple databases** like SQLite, MySQL, PostgreSQL.  
✅ Provides **querying capabilities** using Python classes.  
✅ Automatically **creates tables** based on model definitions.  
✅ Supports **relationships** between tables.  

---

### **How to Use Flask-SQLAlchemy?**  

#### **Step 1: Install Flask-SQLAlchemy**
```sh
pip install flask-sqlalchemy
```

#### **Step 2: Initialize Flask-SQLAlchemy**
```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)
```
- Uses **SQLite** as the database.
- `SQLALCHEMY_TRACK_MODIFICATIONS = False` to improve performance.

#### **Step 3: Define a Model**
```python
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(100), nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
```
- `id`: **Primary Key**  
- `name`: **Required String**  
- `email`: **Unique, Required String**  

#### **Step 4: Create Database**
```python
with app.app_context():
    db.create_all()  # Creates the 'users' table in the database
```

#### **Step 5: Insert Data**
```python
@app.route('/add_user')
def add_user():
    user = User(name="Alice", email="alice@example.com")
    db.session.add(user)
    db.session.commit()
    return "User added!"
```

#### **Step 6: Fetch Data**
```python
@app.route('/users')
def get_users():
    users = User.query.all()
    return jsonify([{"id": u.id, "name": u.name, "email": u.email} for u in users])
```

---

## **12. What are Flask blueprints, and how are they useful?**  

### **Definition:**  
Flask **Blueprints** are a way to organize a large Flask application into smaller, reusable **modular components**.  

### **Why Use Blueprints?**  
✅ Helps **structure large applications**.  
✅ Allows separation of **routes** into different files.  
✅ Makes it easier to **reuse** code across multiple Flask projects.  
✅ Can be registered to **one main Flask app**.

---

### **Example of Using Blueprints in Flask**  

#### **Step 1: Create a Blueprint**
Create a new file **`users.py`**:
```python
from flask import Blueprint, jsonify

user_bp = Blueprint('user_bp', __name__)  # Create a blueprint

@user_bp.route('/users')
def get_users():
    return jsonify([{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}])
```

#### **Step 2: Register Blueprint in the Main App**
```python
from flask import Flask
from users import user_bp  # Import the blueprint

app = Flask(__name__)
app.register_blueprint(user_bp, url_prefix='/api')  # Register blueprint

if __name__ == '__main__':
    app.run(debug=True)
```
- `@user_bp.route('/users')` → Now available at **`/api/users`**.
- This helps separate different API functionalities.

---

## **13. What is the purpose of Flask's request object?**  

### **Definition:**  
Flask's **`request`** object is used to access incoming **HTTP request data**, such as **form data, JSON data, query parameters, headers, cookies, and files**.

### **Example Use Cases of `request` Object:**

#### **1. Getting Query Parameters**
```python
from flask import Flask, request

app = Flask(__name__)

@app.route('/search')
def search():
    query = request.args.get('q')  # Get query parameter
    return f"You searched for: {query}"

# URL: http://127.0.0.1:5000/search?q=Flask
```
- **Request:** `GET /search?q=Flask`
- **Response:** `"You searched for: Flask"`

---

#### **2. Handling Form Data (POST Request)**
```python
@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    return f"Login attempt for: {username}"
```
- **Form Data:**
  ```sh
  username=admin
  password=secret
  ```

---

#### **3. Handling JSON Input**
```python
from flask import jsonify

@app.route('/data', methods=['POST'])
def process_data():
    data = request.json  # Read JSON request body
    return jsonify({"received": data})
```
- **Request Body (JSON):**
  ```json
  {
    "name": "Alice",
    "age": 25
  }
  ```
- **Response:**
  ```json
  {
    "received": {"name": "Alice", "age": 25}
  }
  ```

---

## **14. How do you create a RESTful API endpoint using Flask?**  

### **Example: Create a RESTful API for Managing Users**
```python
from flask import Flask, jsonify, request

app = Flask(__name__)

users = [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}]

@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users)

@app.route('/users', methods=['POST'])
def create_user():
    new_user = request.json
    users.append(new_user)
    return jsonify(new_user), 201

@app.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    global users
    users = [u for u in users if u['id'] != user_id]
    return jsonify({"message": "User deleted"}), 200

if __name__ == '__main__':
    app.run(debug=True)
```
- **GET `/users`** → Fetches all users.
- **POST `/users`** → Creates a new user.
- **DELETE `/users/1`** → Deletes a user by ID.

---

## **15. What is the purpose of Flask's jsonify() function?**  

### **Definition:**  
`jsonify()` converts **Python dictionaries or lists** into a **JSON response** for API clients.

### **Why Use `jsonify()` Instead of `return json.dumps(data)`?**
✅ Automatically **sets `Content-Type: application/json`**  
✅ Ensures **UTF-8 encoding**  
✅ Supports **complex data structures like lists and dicts**  

---

### **Example: Using `jsonify()`**
```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/data')
def get_data():
    data = {"name": "Alice", "age": 25}
    return jsonify(data)  # Converts Python dict to JSON
```
- **Response:**
  ```json
  {
    "name": "Alice",
    "age": 25
  }
  ```

---




---

## **16. Explain Flask’s `url_for()` function.**

### **Definition:**  
Flask’s `url_for()` function is used to generate URLs dynamically instead of hardcoding them. This makes applications **more maintainable and flexible**.

### **Why Use `url_for()` Instead of Hardcoding URLs?**  
✅ **Automatic URL changes** → If you change a route, `url_for()` updates it automatically.  
✅ **Cleaner Code** → Makes code **less error-prone**.  
✅ **Works with Blueprints** → Helps generate URLs for different Flask modules.  
✅ **Supports Query Parameters** → Allows passing parameters dynamically.  

---

### **Example 1: Generating a URL for a Function**
```python
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/home')
def home():
    return "Welcome to the Home Page!"

@app.route('/generate-url')
def generate_url():
    return url_for('home')  # Generates URL for the 'home' function

if __name__ == '__main__':
    app.run(debug=True)
```
- **Calling `/generate-url` returns** → `"/home"`  

---

### **Example 2: Using URL Parameters**
```python
@app.route('/profile/<username>')
def profile(username):
    return f"Profile of {username}"

@app.route('/show-url')
def show_url():
    return url_for('profile', username='Alice')  
```
- **Calling `/show-url` returns** → `"/profile/Alice"`

---

### **Example 3: Adding Query Parameters**
```python
url_for('search', q='Flask API')
```
- Generates → `"/search?q=Flask+API"`

---

## **17. How does Flask handle static files (CSS, JavaScript, etc.)?**

### **Definition:**  
Flask serves **static files** (CSS, JS, images) using the **`static`** folder.  

### **How to Use Static Files in Flask?**
1. **Create a `static/` directory** inside your project.  
2. **Place CSS, JavaScript, or image files** inside it.  
3. **Use `url_for('static', filename='file_name')`** to link files in templates.  

---

### **Example: Serving a CSS File**
#### **Project Structure**
```
/my_flask_app
    /static
        /css
            styles.css
    /templates
        index.html
    app.py
```

#### **CSS File: `static/css/styles.css`**
```css
body {
    background-color: lightblue;
    text-align: center;
}
```

#### **HTML File: `templates/index.html`**
```html
<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css') }}">
</head>
<body>
    <h1>Welcome to Flask</h1>
</body>
</html>
```

#### **Flask Code (`app.py`)**
```python
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run(debug=True)
```

- `url_for('static', filename='css/styles.css')` → Generates `"/static/css/styles.css"`

---

## **18. What is an API specification, and how does it help in building a Flask API?**  

### **Definition:**  
An **API Specification** is a structured **documentation** that describes:  
✅ API endpoints (`/users`, `/login`)  
✅ HTTP methods (`GET`, `POST`, `PUT`, `DELETE`)  
✅ Request formats (JSON, query params, form data)  
✅ Response structure & error handling  
✅ Authentication details (tokens, headers)  

### **Why is API Specification Important?**  
✔ Helps **developers understand the API** without reading code.  
✔ Ensures **consistency** across teams.  
✔ Makes API **documentation & testing easier** (e.g., Swagger, Postman).  

---

### **Example API Specification Using Swagger (Flask-Swagger-UI)**  
#### **Step 1: Install Flask-Swagger-UI**  
```sh
pip install flask-swagger-ui
```

#### **Step 2: Define Swagger JSON in Flask**  
```python
from flask import Flask, jsonify
from flask_swagger_ui import get_swaggerui_blueprint

app = Flask(__name__)

SWAGGER_URL = "/swagger"
API_URL = "/static/swagger.json"

swaggerui_blueprint = get_swaggerui_blueprint(SWAGGER_URL, API_URL)
app.register_blueprint(swaggerui_blueprint, url_prefix=SWAGGER_URL)

@app.route('/users', methods=['GET'])
def get_users():
    return jsonify([{"id": 1, "name": "Alice"}])

if __name__ == '__main__':
    app.run(debug=True)
```
- Now visit **`http://127.0.0.1:5000/swagger`** to see the API documentation.

---

## **19. What are HTTP status codes, and why are they important in a Flask API?**  

### **Definition:**  
HTTP status codes are **3-digit numbers** returned by an API **to indicate the result** of a request.

### **Common HTTP Status Codes in Flask APIs**
| Status Code | Meaning                    | Example Use Case |
|-------------|----------------------------|------------------|
| **200 OK** | Request succeeded | Successful API call |
| **201 Created** | Resource created successfully | `POST` request to add data |
| **400 Bad Request** | Client sent an invalid request | Missing fields in JSON request |
| **401 Unauthorized** | Authentication required | Missing API key |
| **403 Forbidden** | User not authorized | Trying to access another user's data |
| **404 Not Found** | Resource does not exist | Fetching a non-existent user |
| **500 Internal Server Error** | Server encountered an issue | Bug in API code |

---

### **Example: Returning HTTP Status Codes in Flask**
```python
@app.route('/user/<int:user_id>')
def get_user(user_id):
    user = next((u for u in users if u['id'] == user_id), None)
    if user:
        return jsonify(user), 200  # OK
    else:
        return jsonify({"error": "User not found"}), 404  # Not Found
```

---

## **20. How do you handle POST requests in Flask?**  

### **Definition:**  
A `POST` request **sends data** to the server, usually in JSON or form data format.  

### **Steps to Handle POST Requests in Flask:**  
1. **Set `methods=['POST']` in `@app.route()`**.  
2. **Use `request.json` to get JSON data**.  
3. **Validate input before processing**.  
4. **Return a response with status code (`201 Created`)**.  

---

### **Example: Handling a POST Request**
```python
from flask import Flask, request, jsonify

app = Flask(__name__)

users = []

@app.route('/users', methods=['POST'])
def add_user():
    data = request.json  # Get JSON request body
    if 'name' not in data:
        return jsonify({"error": "Name is required"}), 400  # Bad Request
    new_user = {"id": len(users) + 1, "name": data['name']}
    users.append(new_user)
    return jsonify(new_user), 201  # Created

if __name__ == '__main__':
    app.run(debug=True)
```
- **Request (POST `/users`)**
  ```json
  {
    "name": "Alice"
  }
  ```
- **Response**
  ```json
  {
    "id": 1,
    "name": "Alice"
  }
  ```

---




---

## **21. How would you secure a Flask API?**  

### **Definition:**  
Securing a Flask API is essential to protect it from **unauthorized access, data leaks, and attacks**. This can be done using authentication, authorization, rate limiting, and other security measures.

---

### **Methods to Secure a Flask API:**

### **1️⃣ Use Authentication (JWT or API Keys)**
- **JWT (JSON Web Token):** A token-based authentication method where a user logs in and receives a **token** to access protected routes.
- **API Keys:** Assign each user a unique key for access.

#### **Example: Securing Routes with JWT**
```python
from flask import Flask, request, jsonify
import jwt
import datetime

app = Flask(__name__)
app.config['SECRET_KEY'] = 'your_secret_key'

def generate_token(user_id):
    token = jwt.encode(
        {'user_id': user_id, 'exp': datetime.datetime.utcnow() + datetime.timedelta(hours=1)},
        app.config['SECRET_KEY']
    )
    return token

@app.route('/login', methods=['POST'])
def login():
    data = request.json
    if data['username'] == 'admin' and data['password'] == 'password':
        return jsonify({'token': generate_token(1)}), 200
    return jsonify({'error': 'Invalid credentials'}), 401

@app.route('/protected', methods=['GET'])
def protected():
    token = request.headers.get('Authorization')
    if not token:
        return jsonify({'error': 'Token is missing'}), 403
    try:
        decoded = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])
        return jsonify({'message': 'Welcome!', 'user_id': decoded['user_id']}), 200
    except jwt.ExpiredSignatureError:
        return jsonify({'error': 'Token expired'}), 403

if __name__ == '__main__':
    app.run(debug=True)
```
**🛡 Secure API using JWT Authentication!**

---

### **2️⃣ Use HTTPS**
- Always use HTTPS instead of HTTP to encrypt communication.
- Configure Flask to use SSL certificates.

---

### **3️⃣ Implement Rate Limiting**
Prevent **brute force** attacks by limiting requests from a single IP.

#### **Example: Rate Limiting with Flask-Limiter**
```sh
pip install flask-limiter
```
```python
from flask import Flask
from flask_limiter import Limiter

app = Flask(__name__)
limiter = Limiter(app, key_func=lambda: request.remote_addr)

@app.route('/api')
@limiter.limit("5 per minute")
def limited_api():
    return "You can access this API only 5 times per minute."

if __name__ == '__main__':
    app.run(debug=True)
```

---

### **4️⃣ Secure Database Queries (Prevent SQL Injection)**
- **Use ORM (SQLAlchemy)** instead of raw SQL queries.  
- **Use parameterized queries.**  

---

## **22. What is the significance of the Flask-RESTful extension?**  

### **Definition:**  
`Flask-RESTful` is an **extension** for Flask that simplifies building REST APIs. It helps organize code better by providing **class-based views**.

---

### **Why Use Flask-RESTful?**  
✅ **Class-based views** → Organizes API code better  
✅ **Automatic request parsing** → Handles JSON/form-data automatically  
✅ **Built-in error handling**  

---

### **Installation**
```sh
pip install flask-restful
```

---

### **Example: Flask API Without Flask-RESTful**
```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/greet', methods=['GET'])
def greet():
    return jsonify({'message': 'Hello, Flask!'})

if __name__ == '__main__':
    app.run(debug=True)
```
---

### **Example: Flask API With Flask-RESTful**
```python
from flask import Flask
from flask_restful import Api, Resource

app = Flask(__name__)
api = Api(app)

class Greet(Resource):
    def get(self):
        return {'message': 'Hello, Flask-RESTful!'}

api.add_resource(Greet, '/greet')

if __name__ == '__main__':
    app.run(debug=True)
```
📌 **Difference?**
- The **class-based structure** makes it more scalable.
- **API endpoints are defined cleanly** using `add_resource()`.

---

## **23. What is the role of Flask’s session object?**  

### **Definition:**  
The `session` object in Flask stores **temporary user data** across requests. It allows **user authentication, preferences, or cart data** to persist.

---

### **How Does Flask’s `session` Work?**
✅ Uses **cookies** to store session data on the client-side  
✅ The data is **signed** using `app.secret_key` to prevent tampering  
✅ Stores **small amounts of temporary user-specific data**  

---

### **Example: Using Flask Session**
```sh
pip install flask
```
```python
from flask import Flask, session

app = Flask(__name__)
app.secret_key = 'supersecretkey'  # Required for session security

@app.route('/set_session')
def set_session():
    session['username'] = 'Alice'
    return "Session set!"

@app.route('/get_session')
def get_session():
    return f"Logged in as {session.get('username', 'Guest')}"

@app.route('/logout')
def logout():
    session.pop('username', None)
    return "Logged out!"

if __name__ == '__main__':
    app.run(debug=True)
```
---

### **Features of Flask Session**
✔ Stores **user-specific data**  
✔ **Persists across requests**  
✔ **Can be cleared** using `session.pop()`  

---


In [6]:
# QUESTION 1: How do you create a basic Flask application?

!pip install flask
from flask import Flask
from google.colab.output import eval_js
from IPython.display import display, Javascript

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

def get_ngrok_url():
    print("Click the link below to access the Flask app:")
    return eval_js("google.colab.kernel.proxyPort(5000)")

if __name__ == '__main__':
    print(get_ngrok_url())  # Get public URL
    app.run(host='0.0.0.0', port=5000)


Click the link below to access the Flask app:
https://5000-m-s-2rrkoiziuioz1-c.us-central1-0.prod.colab.dev
 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on all addresses (0.0.0.0)
 * Running on http://127.0.0.1:5000
 * Running on http://172.28.0.12:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug:127.0.0.1 - - [02/Apr/2025 09:03:57] "GET / HTTP/1.1" 200 -
INFO:werkzeug:127.0.0.1 - - [02/Apr/2025 09:03:58] "[33mGET /favicon.ico HTTP/1.1[0m" 404 -


In [8]:
# QUESTION 2: How do you serve static files like images or CSS in Flask?

from flask import Flask, send_from_directory

app = Flask(__name__)

# Route to serve a CSS file
@app.route('/static/css/<path:filename>')
def serve_css(filename):
    return send_from_directory('static/css', filename)

# Route to serve an image
@app.route('/static/images/<path:filename>')
def serve_image(filename):
    return send_from_directory('static/images', filename)

if __name__ == '__main__':
    app.run()


 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m


In [None]:
# QUESTION 3: How do you define different routes with different HTTP methods in Flask?

from flask import Flask, request

app = Flask(__name__)

# Route that supports GET and POST methods
@app.route('/data', methods=['GET', 'POST'])
def handle_data():
    if request.method == 'GET':
        return "This is a GET request"
    elif request.method == 'POST':
        return "This is a POST request"

# Route that supports only PUT method
@app.route('/update', methods=['PUT'])
def update_data():
    return "This is a PUT request"

# Route that supports DELETE method
@app.route('/delete', methods=['DELETE'])
def delete_data():
    return "This is a DELETE request"

if __name__ == '__main__':
    app.run()


In [None]:
# QUESTION 4: How do you render HTML templates in Flask?

from flask import Flask, render_template

app = Flask(__name__)

# Route to render an HTML template
@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run()


In [None]:
# QUESTION 5: How can you generate URLs for routes in Flask using url_for?

from flask import Flask, url_for

app = Flask(__name__)

# Sample route
@app.route('/')
def home():
    return f"Home Page - <a href='{url_for('profile', username='john_doe')}'>Go to Profile</a>"

# Dynamic route with a parameter
@app.route('/profile/<username>')
def profile(username):
    return f"Welcome to {username}'s profile!"

if __name__ == '__main__':
    app.run()


In [None]:
# QUESTION 6: How do you handle forms in Flask?

from flask import Flask, render_template, request

app = Flask(__name__)

# HTML form template
form_html = """
<!DOCTYPE html>
<html>
<head>
    <title>Flask Form</title>
</head>
<body>
    <h2>Enter Your Name</h2>
    <form method="POST">
        <input type="text" name="username" required>
        <input type="submit" value="Submit">
    </form>
    {% if name %}
        <h3>Hello, {{ name }}!</h3>
    {% endif %}
</body>
</html>
"""

@app.route('/', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form['username']
        return render_template('form.html', name=name)
    return render_template('form.html', name=None)

# Save the form HTML as a template file
with open("templates/form.html", "w") as file:
    file.write(form_html)

if __name__ == '__main__':
    app.run()


In [5]:
#Question 7 How can you validate form data in Flask?
from flask import Flask, request, render_template_string

app = Flask(__name__)

HTML_FORM = """
<!DOCTYPE html>
<html>
<head>
    <title>Flask Form Validation</title>
</head>
<body>
    <h2>Flask Form Validation</h2>
    <form method="POST" action="/submit">
        <label for="name">Name:</label>
        <input type="text" id="name" name="name" value="{{ name or '' }}">
        <span style="color: red;">{{ errors.name if errors and 'name' in errors else '' }}</span>
        <br><br>

        <label for="email">Email:</label>
        <input type="text" id="email" name="email" value="{{ email or '' }}">
        <span style="color: red;">{{ errors.email if errors and 'email' in errors else '' }}</span>
        <br><br>

        <button type="submit">Submit</button>
    </form>

    {% if success %}
        <p style="color: green;">{{ success }}</p>
    {% endif %}
</body>
</html>
"""

@app.route('/')
def index():
    return render_template_string(HTML_FORM)

@app.route('/submit', methods=['POST'])
def submit():
    data = request.form
    errors = {}

    # Validate name field
    name = data.get('name')
    if not name:
        errors['name'] = "Name is required."
    elif len(name) < 3:
        errors['name'] = "Name must be at least 3 characters long."

    # Validate email field
    email = data.get('email')
    if not email:
        errors['email'] = "Email is required."
    elif '@' not in email or '.' not in email:
        errors['email'] = "Invalid email format."

    # If there are validation errors
    if errors:
        return render_template_string(HTML_FORM, errors=errors, name=name, email=email)

    # If validation passes
    return render_template_string(HTML_FORM, success="Form submitted successfully!", name=name, email=email)

if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [6]:
# QUESTION 8: How do you manage sessions in Flask?

from flask import Flask, session, jsonify

app = Flask(__name__)

# Secret key is required for session handling
app.secret_key = "supersecretkey"

# Route to set a session variable
@app.route('/set-session')
def set_session():
    session['username'] = 'JohnDoe'  # Storing data in session
    return jsonify({"message": "Session has been set!"})

# Route to get a session variable
@app.route('/get-session')
def get_session():
    username = session.get('username', 'Not Set')  # Retrieving session data
    return jsonify({"username": username})

# Route to clear a session variable
@app.route('/clear-session')
def clear_session():
    session.pop('username', None)  # Removing session data
    return jsonify({"message": "Session has been cleared!"})

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [7]:
# QUESTION 9: How do you redirect to a different route in Flask?

from flask import Flask, redirect, url_for

app = Flask(__name__)

# Home route
@app.route('/')
def home():
    return "Welcome to the Home Page!"

# Route to handle redirection
@app.route('/redirect-me')
def redirect_me():
    return redirect(url_for('home'))  # Redirecting to the home route

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# QUESTION 10: How do you handle errors in Flask (e.g., 404)?

from flask import Flask, render_template

app = Flask(__name__)

# Home route
@app.route('/')
def home():
    return "Welcome to the Home Page!"

# Custom error handler for 404 Not Found
@app.errorhandler(404)
def page_not_found(error):
    return "<h1>404 - Page Not Found</h1>", 404  # Returning a custom 404 page

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


In [None]:
# QUESTION 11: How do you structure a Flask app using Blueprints?

from flask import Flask, Blueprint

app = Flask(__name__)

# Creating a Blueprint for user-related routes
user_bp = Blueprint('user', __name__)

@user_bp.route('/profile')
def profile():
    return "User Profile Page"

@user_bp.route('/settings')
def settings():
    return "User Settings Page"

# Registering the Blueprint with the Flask app
app.register_blueprint(user_bp, url_prefix='/user')

# Home route
@app.route('/')
def home():
    return "Welcome to the Home Page!"

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


In [None]:
# QUESTION 12: How do you define a custom Jinja filter in Flask?

from flask import Flask, render_template_string

app = Flask(__name__)

# Defining a custom Jinja filter
def reverse_string(s):
    return s[::-1]

# Registering the custom filter with Flask
app.jinja_env.filters['reverse'] = reverse_string

@app.route('/')
def home():
    template = """
    <html>
        <body>
            <h1>Custom Jinja Filter Example</h1>
            <p>Original: Hello Flask!</p>
            <p>Reversed: {{ 'Hello Flask!' | reverse }}</p>
        </body>
    </html>
    """
    return render_template_string(template)

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


In [None]:
# QUESTION 13: How can you redirect with query parameters in Flask?

from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def home():
    return "<h1>Home Page</h1><p>Go to <a href='/login'>Login</a></p>"

@app.route('/login')
def login():
    # Redirecting to the profile page with a query parameter (username)
    return redirect(url_for('profile', username='Shasang'))

@app.route('/profile')
def profile():
    username = request.args.get('username', 'Guest')  # Retrieving query parameter
    return f"<h1>Welcome, {username}!</h1>"

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


In [None]:
# QUESTION 14: How do you return JSON responses in Flask?

from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/data')
def get_data():
    # Creating a sample dictionary to return as JSON
    data = {
        "name": "Shasang",
        "age": 25,
        "city": "Surat"
    }

    # Returning JSON response using jsonify()
    return jsonify(data)

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app


In [None]:
# QUESTION 15: How do you capture URL parameters in Flask?

from flask import Flask

app = Flask(__name__)

# Defining a route with a URL parameter <username>
@app.route('/user/<username>')
def show_user_profile(username):
    return f'User Profile: {username}'  # Returning the captured username

# Defining a route with an integer URL parameter <int:user_id>
@app.route('/user/id/<int:user_id>')
def show_user_by_id(user_id):
    return f'User ID: {user_id}'  # Returning the captured user ID

if __name__ == '__main__':
    app.run(debug=True)  # Running the Flask app
